02-24-2016 01:59 AM - edited 03-10-2019 11:31 PM
Hello, recently we started to experience the following problems with our ACS 5.1 deployment (distributed deployment, two nodes: primary and secondary).
- Synchronization loss between nodes. In "System Administration" -> "Operations" -> "Distributed system management" we see the secondary node always in "REPLICATING" or "PENDING" status, never "UPDATED". Replication is successful only after restarting the application on both nodes (status changes to "UPDATED"). After some time the situation repeats - the secondary node replication status changes to "PENDING" and stays there until the entire deployment is restarted.
- Changes made in the authorization policy on the primary node are visible in the web interface, but are not reflected in authorization events until the application is restarted on both nodes. Only then are the new rules actually used in the authorization process.
Can anyone share some tips on what we could do to diagnose the cause of these problems?
Thanks,
Wojtek
02-24-2016 04:16 AM
Wojciech,
You will want to enable the following debugs:
debug-log runtime level debug
debug-log mgmt level debug
Then wait for the problems to occur, collect a support bundle, and then review the logs.
Also, note that ACS 5.1 is quite old and out of support by now; you will want to upgrade to a newer release. The latest one is 5.8.
Javier Henderson
Cisco Systems
02-24-2016 05:33 AM
Hi Javier, thanks for the response. Regarding the debug commands - I can't enter these commands when logged in as admin in the ACS CLI. There is no "debug-log" command at all:
acs01/admin# debug?
all Enable all debugging
application Application debugging
backup-restore Backup and restore
cdp Cisco Discovery Protocol
config Configuration
copy Copy commands
icmp Icmp echo response configuration
locks Resource locking
logging Logging configuration
snmp Snmp configuration
system System
transfer File transfer
user User Management
utils Utilities
Additionally - I've spotted the following errors in the ACS dashboard:
So, where can I find this "collector log"? Will it be part of a support bundle?
Thanks,
Wojtek
02-24-2016 05:42 AM
Hi again, sorry, I have already found the appropriate guide on how to configure debug-log and generate a support bundle.
Wojtek